There is some part of me thinking if my providers servers go down my router may fallback to WAN, should I run an additional VPN connection on the device/server itself just in case?

It’s been about a year with this setup however this potential issue has been irking me.

Edit: Kill-switch is disabled on the router’s tunnels as it appears to be bugged in two ways. 1) any manual DNS settings get disregarded network-wide 2) it kills all network connections and not just the devices affected.

you are viewing a single comment's thread
view the rest of the comments

[–] swizzlestick@lemmy.zip 0 points 3 weeks ago* (last edited 3 weeks ago)

I run a split environment. Main router is set up 'normally' with what other people in the house and visitors would expect.

Attached to that is a Pi running an OpenVPN client and a hostapd server that broadcasts a separate WiFi network. Iptables on the Pi are set to only ever allow Internet traffic through the VPN as a killswitch (except for OpenVPN, to prevent a chicken-egg situation), and any wifi clients connected via hostapd are routed through it.

A script occasionally changes the VPN endpoint to keep it interesting. This Pi also acts as a qbitorrent client that stores downloads to a local NAS.

It's a best of both setup that has been stable for over 5 years now.